What are the alternatives available while using WSO2 Identity server as PDP?
If we use WSO2 ESB, its creating one extra layer..
So what benefits we will get by using it? If we use Sun's XACML API to send and receive request and response in some class which act as PEP then would it be bad design?
It is not needed to use the WSO2 ESB as a PEP. You can write you own PEP to integrate with your application. As an example, if your application is an java web application, you can write your own PEP client to call the EntitlementService.
Advantage of using WSO2 ESB is that, It can act as Security Gateway for you all type of requests. It can do authentication/security protocol switching and more.. It has an extensible architecture.. If your all idea is to only to use WSO2ESB as PEP, I do not think it is worth. ESB is also calling EntitlementService of the WSO2IS. Therefore you can directly call it from your application. You can write simple PEP client using java. You can find java client from here and you can integrate it with your application as PEP. There are some place that have been done it. Please find one from here. In his sample, command line client calling the EntitlementService
